Security product flaws are magnet for attackers

    Date30 Mar 2004
    3846
    Posted ByAnthony Pell
    The software vulnerability exploited by last week's Witty worm is only the latest in a growing list of flaws being discovered in the very products users invest in to safeguard their systems. "This is a new realm of risk that users must confront: the security of security products," said Andrew Plato, president of Anitian Enterprise Security, a systems integration and consulting firm in the US. . . . The software vulnerability exploited by last week's Witty worm is only the latest in a growing list of flaws being discovered in the very products users invest in to safeguard their systems.

    "This is a new realm of risk that users must confront: the security of security products," said Andrew Plato, president of Anitian Enterprise Security, a systems integration and consulting firm in the US.

    The Witty worm, which was reported to have damaged 15,000 to 20,000 computers worldwide, took advantage of a flaw involving the BlackIce and RealSecure intrusion-prevention products from Internet Security Systems.

    The worm wrote random data onto the hard discs of vulnerable systems, causing the drives to fail and making it impossible for users to start up the systems.

    The flaw was the result of a buffer-overflow condition in a function used to detect peer-to-peer traffic, said Chris Rouland, director of the X-Force security team at ISS.

    The company worked "very quickly" to reduce the risk after being informed of the problem by eEye Digital Security, Rouland added. But Witty was released "almost immediately" after the fix became available and before many users had time to respond.

    Rouland noted that the number of major flaws that have been discovered in ISS products over the past five years has been limited to two - well below the industry average, he stressed, because ISS follows strong quality and code-audit processes.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    13
    radio
    [{"id":"55","title":"Yes","votes":"5","type":"x","order":"1","pct":45.45,"resources":[]},{"id":"56","title":"No","votes":"6","type":"x","order":"2","pct":54.55,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.